Cyberpunk 2077 developers CD Projekt Red have had to issue a warning today that anyone deciding to install a mod for the game should “use caution” after a security issue was discovered.
The issue is a “vulnerability in external DLL files which can be used to execute code on PCs.” While the company works on a fix, they’re asking players to “please refrain from using files from unknown sources,” which would basically mean any mod
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
— CD PROJEKT RED CS (@CDPRED_Support) February 2, 2021
CDPR only launched mod tools for the game last week and, in true Cyberpunk 2077 fashion, things have not been going well
https://kotaku.com/cyberpunk-2077-removes-mod-that-let-you-bang-keanu-reev-1846147544
Update – 8:25 a.m. ET, 2/5/21: CDPR says the security exploit has been fixed:
Hotfix 1.12 is now available on PC!
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
– Fixed a buffer overrun issue.
– Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
